SB2026042408 - Multiple vulnerabilities in Text Generation Web UI
Published: April 24, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 vulnerabilities.
1) Server-Side Request Forgery (SSRF) (CVE-ID: N/A)
CWE-ID: CWE-918 - Server-Side Request Forgery (SSRF)
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to access internal network resources and disclose sensitive information.
The vulnerability exists due to server-side request forgery (SSRF) in the OpenAI-compatible multimodal image fetching functionality when processing attacker-controlled image_url values in API requests. A remote user can send a specially crafted request containing an arbitrary image_url to access internal network resources and disclose sensitive information.
The issue affects the OpenAI-compatible endpoints POST /v1/chat/completions and POST /v1/completions, and can reach loopback, private-network, or metadata endpoints depending on deployment.
2) Path traversal (CVE-ID: CVE-2026-35050)
CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to path traversal in the extension settings save functionality when handling crafted file path and file content input. A remote privileged user can overwrite python files in the application root directory to execute arbitrary code.
Exploitation can be triggered when the overwritten file is later invoked from the Model menu during a model download operation.
3) Server-Side Request Forgery (SSRF) (CVE-ID: N/A)
CWE-ID: CWE-918 - Server-Side Request Forgery (SSRF)
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to disclose sensitive information and cause a denial of service.
The vulnerability exists due to server-side request forgery in OpenAI-compatible multimodal image_url fetching when handling crafted image_url values in requests to the OpenAI-compatible endpoints. A remote user can send a specially crafted request containing an attacker-controlled image_url to disclose sensitive information and cause a denial of service.
The issue affects requests processed through POST /v1/chat/completions and POST /v1/completions, and can reach internal or loopback destinations from the server network context.
Remediation
Install update from vendor's website.
References
- https://github.com/oobabooga/text-generation-webui/security/advisories/GHSA-fpwc-4mvr-7jpr
- https://github.com/advisories/GHSA-fpwc-4mvr-7jpr
- https://github.com/oobabooga/text-generation-webui/security/advisories/GHSA-jg96-p5p6-q3cv
- https://github.com/advisories/GHSA-jg96-p5p6-q3cv
- https://github.com/oobabooga/textgen/security/advisories/GHSA-fpwc-4mvr-7jpr